<!DOCTYPE HTML>
<html lang="zh-tw" >
    <!-- Start book Flask框架 -->
    <head>
        <!-- head:start -->
        <meta charset="UTF-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
        <title>csrf攻击 | Flask框架</title>
        <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
        <meta name="description" content="">
        <meta name="generator" content="GitBook 2.6.7">
        
        
        <meta name="HandheldFriendly" content="true"/>
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <meta name="apple-mobile-web-app-capable" content="yes">
        <meta name="apple-mobile-web-app-status-bar-style" content="black">
        <link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
        <link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
        
    <link rel="stylesheet" href="../gitbook/style.css">
    
        
        <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-toggle-chapters/toggle.css">
        
    
        
        <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-splitter/splitter.css">
        
    
        
        <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-emphasize/plugin.css">
        
    
        
        <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-fontsettings/website.css">
        
    
        
        <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-expandable-chapters-small/expandable-chapters-small.css">
        
    
        
        <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-highlight/website.css">
        
    
    

        
    
    
    <link rel="next" href="../shu-ju-ku.html" />
    
    
    <link rel="prev" href="../mo-ban/te-you-bian-liang-he-han-shu.html" />
    

        <!-- head:end -->
    </head>
    <body>
        <!-- body:start -->
        
    <div class="book"
        data-level="2.11"
        data-chapter-title="csrf攻击"
        data-filepath="mo-ban/csrf.md"
        data-basepath=".."
        data-revision="Fri Aug 24 2018 10:39:47 GMT+0800 (CST)"
        data-innerlanguage="">
    


    <div class="book-body">
        <div class="body-inner">

            <div class="page-wrapper" tabindex="-1" role="main">
                <div class="page-inner">
                
                
                    <section class="normal" id="section-">
                    
                        <h1 id="csrf&#x7406;&#x89E3;">CSRF(&#x7406;&#x89E3;)</h1>
<h3 id="&#x4E00;-&#x4EC0;&#x4E48;&#x662F;csrftoken">&#x4E00;. &#x4EC0;&#x4E48;&#x662F;CSRFToken?</h3>
<ul>
<li><code>CSRF</code>&#x5168;&#x62FC;&#x4E3A;<code>Cross Site Request Forgery</code>&#xFF0C;&#x8BD1;&#x4E3A;&#x8DE8;&#x7AD9;&#x8BF7;&#x6C42;&#x4F2A;&#x9020;&#x3002;</li>
<li><code>CSRF</code>&#x6307;&#x653B;&#x51FB;&#x8005;&#x76D7;&#x7528;&#x4E86;&#x4F60;&#x7684;&#x8EAB;&#x4EFD;&#xFF0C;&#x4EE5;&#x4F60;&#x7684;&#x540D;&#x4E49;&#x53D1;&#x9001;&#x6076;&#x610F;&#x8BF7;&#x6C42;&#x3002;<ul>
<li>&#x5305;&#x62EC;&#xFF1A;&#x4EE5;&#x4F60;&#x540D;&#x4E49;&#x53D1;&#x9001;&#x90AE;&#x4EF6;&#xFF0C;&#x53D1;&#x6D88;&#x606F;&#xFF0C;&#x76D7;&#x53D6;&#x4F60;&#x7684;&#x8D26;&#x53F7;&#xFF0C;&#x751A;&#x81F3;&#x4E8E;&#x8D2D;&#x4E70;&#x5546;&#x54C1;&#xFF0C;&#x865A;&#x62DF;&#x8D27;&#x5E01;&#x8F6C;&#x8D26;......</li>
</ul>
</li>
<li>&#x9020;&#x6210;&#x7684;&#x95EE;&#x9898;&#xFF1A;&#x4E2A;&#x4EBA;&#x9690;&#x79C1;&#x6CC4;&#x9732;&#x4EE5;&#x53CA;&#x8D22;&#x4EA7;&#x5B89;&#x5168;&#x3002;</li>
</ul>
<h3 id="&#x4E8C;csrf&#x653B;&#x51FB;&#x793A;&#x610F;&#x56FE;">&#x4E8C;.CSRF&#x653B;&#x51FB;&#x793A;&#x610F;&#x56FE;</h3>
<ul>
<li>根本原因: 浏览器向某个站点发请求时会自动带上该站点的 cookie(包括登录态), 而服务器仅凭 cookie 判断身份, 没有额外验证这个请求是否真的由用户在本站页面上发起; 攻击者只需诱导已登录的用户访问一个恶意页面(页面里放一个自动提交到本站的表单或一张指向本站接口的图片), 即可以该用户的身份发出请求</li>
</ul>
<p><img src="../assets/CSRF&#x653B;&#x51FB;&#x8FC7;&#x7A0B;.png" alt="CSRF 攻击过程示意图: 用户登录网站 A 后访问恶意网站 B, B 的页面以用户身份向 A 发起请求"></p>
<h3 id="&#x4E09;&#x9632;&#x6B62;csrf&#x653B;&#x51FB;">&#x4E09;.&#x9632;&#x6B62;CSRF&#x653B;&#x51FB;</h3>
<ol>
<li>&#x5728;&#x5BA2;&#x6237;&#x7AEF;&#x5411;&#x540E;&#x7AEF;&#x8BF7;&#x6C42;&#x754C;&#x9762;&#x6570;&#x636E;&#x7684;&#x65F6;&#x5019;&#xFF0C;&#x540E;&#x7AEF;&#x4F1A;&#x5F80;&#x54CD;&#x5E94;&#x4E2D;&#x7684; cookie &#x4E2D;&#x8BBE;&#x7F6E; csrf_token &#x7684;&#x503C;</li>
<li>&#x5728; Form &#x8868;&#x5355;&#x4E2D;&#x6DFB;&#x52A0;&#x4E00;&#x4E2A;&#x9690;&#x85CF;&#x7684;&#x7684;&#x5B57;&#x6BB5;&#xFF0C;&#x503C;&#x4E5F;&#x662F; csrf_token</li>
<li>&#x5728;&#x7528;&#x6237;&#x70B9;&#x51FB;&#x63D0;&#x4EA4;&#x7684;&#x65F6;&#x5019;&#xFF0C;&#x4F1A;&#x5E26;&#x4E0A;&#x8FD9;&#x4E24;&#x4E2A;&#x503C;&#x5411;&#x540E;&#x53F0;&#x53D1;&#x8D77;&#x8BF7;&#x6C42;</li>
<li>&#x540E;&#x7AEF;&#x63A5;&#x53D7;&#x5230;&#x8BF7;&#x6C42;&#xFF0C;&#x4EE5;&#x4F1A;&#x4EE5;&#x4E0B;&#x51E0;&#x4EF6;&#x4E8B;&#x4EF6;&#xFF1A;<ul>
<li>&#x4ECE; cookie&#x4E2D;&#x53D6;&#x51FA; csrf_token</li>
<li>&#x4ECE; &#x8868;&#x5355;&#x6570;&#x636E;&#x4E2D;&#x53D6;&#x51FA;&#x6765;&#x9690;&#x85CF;&#x7684; csrf_token &#x7684;&#x503C;</li>
<li>&#x8FDB;&#x884C;&#x5BF9;&#x6BD4;</li>
</ul>
</li>
<li><p>如果比较之后两值一样, 那么代表是正常的请求; 如果没取到或者比较不一样, 代表不是正常的请求, 不执行下一步操作。这个方案成立的前提是: csrf_token 必须是随机、不可预测的(通常还会用 SECRET_KEY 签名), 而攻击者的站点受同源策略限制无法读取本站的 cookie, 因此无法在伪造的表单里填出正确的 csrf_token</p>
</li>
<li><p>&#x63D0;&#x793A;:&#x4EE3;&#x7801;&#x5C55;&#x793A;:&#x89C1;&lt;&lt; webA &gt;&gt;, &lt;&lt; webB &gt;&gt;&#x6587;&#x4EF6;</p>
</li>
</ol>
<h3 id="&#x56DB;csrf&#x6821;&#x9A8C;&#x673A;&#x5236;&#x4F5C;&#x7528;&#x57DF;&#x4EE3;&#x7801;">&#x56DB;.csrf&#x6821;&#x9A8C;&#x673A;&#x5236;&#x4F5C;&#x7528;&#x57DF;&#x4EE3;&#x7801;</h3>
<ul>
<li>Flask-WTF 扩展(flask_wtf 模块)提供了 CSRF 保护</li>
<li><p>&#x4F7F;&#x7528;&#x6D41;&#x7A0B;:</p>
<ul>
<li>from flask_wtf.csrf import CSRFProtect</li>
<li>CSRFProtect(app)</li>
</ul>
</li>
<li><p>CSRFProtect(app)&#x4FDD;&#x62A4;&#x539F;&#x7406;:</p>
<ul>
<li>默认对应用程序 app 中的 POST、PUT、PATCH、DELETE 这 4 种类型的请求做保护, 因为这些类型的请求用于更改服务器的资源; GET 等请求不做校验, 所以 GET 请求绝不能用来修改服务器状态, 否则 CSRF 防护会被直接绕过</li>
<li>以上面 4 种类型的请求操作服务器资源的时候, 会校验保存在 session(Flask 的签名 cookie)中的 csrf_token 与请求中携带的 csrf_token(表单字段 csrf_token, 或 AJAX 请求的 X-CSRFToken 请求头)</li>
<li>只有二者一致(且令牌签名有效、未超过有效期)的时候校验才通过, 才允许操作服务器资源; 否则 Flask-WTF 直接返回 400 错误, 视图函数不会执行</li>
</ul>
</li>
</ul>
<blockquote>
<p>提示: csrf_token 的值是用 SECRET_KEY 签名生成的, 因此必须设置 SECRET_KEY。它应当足够长且随机(例如用 secrets.token_hex(32) 生成)、通过环境变量等方式注入而不是写死在代码里, 并且绝不能泄露——知道 SECRET_KEY 的人可以伪造任意合法的 csrf_token 和 session。下面示例里的固定字符串仅用于演示</p>
<ul>
<li><strong>&#x4EE3;&#x7801;&#x5C55;&#x793A;</strong></li>
<li>&#x540E;&#x7AEF;&#x4EE3;&#x7801;:</li>
</ul>
</blockquote>
<pre><code class="lang-python"><span class="hljs-keyword">from</span> flask <span class="hljs-keyword">import</span> Flask,render_template
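from flask_wtf import CSRFProtect
import os
import secrets

app = Flask(__name__)

# SECRET_KEY signs the CSRF token (and the session cookie). It must be long,
# random and secret: anyone who knows it can forge valid tokens and sessions.
# Read it from the environment; the fallback generates a fresh random key per
# process, which is fine for a local demo but invalidates sessions/tokens on
# every restart and across workers -- always set SECRET_KEY in real deployments.
app.config["SECRET_KEY"] = os.environ.get("SECRET_KEY") or secrets.token_hex(32)

# Enable CSRF checking for state-changing requests (POST/PUT/PATCH/DELETE by
# default). GET is not checked, so GET handlers must never change server state.
CSRFProtect(app)


@app.route('/')
def show_page():
    """Render the login form; {{ csrf_token() }} in the template emits the token."""
    return render_template('file01csrf.html')


@app.route('/add_data', methods=["POST"])
def add_data():
    """Only reached when CSRFProtect accepted the token (otherwise 400 Bad Request)."""
    return "登陆成功"


if __name__ == '__main__':
    # debug=True enables the interactive Werkzeug debugger; never use it in production.
    app.run(debug=True)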
</code></pre>
<ul>
<li>&#x524D;&#x7AEF;&#x4EE3;&#x7801;,file01csrf.html&#x6587;&#x4EF6;</li>
</ul>
<pre><code class="lang-html"><span class="hljs-doctype">&lt;!DOCTYPE html&gt;</span>
<span class="hljs-tag">&lt;<span class="hljs-title">html</span> <span class="hljs-attribute">lang</span>=<span class="hljs-value">&quot;en&quot;</span>&gt;</span>
<span class="hljs-tag">&lt;<span class="hljs-title">head</span>&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-title">meta</span> <span class="hljs-attribute">charset</span>=<span class="hljs-value">&quot;UTF-8&quot;</span>&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-title">title</span>&gt;</span>Title<span class="hljs-tag">&lt;/<span class="hljs-title">title</span>&gt;</span>
<span class="hljs-tag">&lt;/<span class="hljs-title">head</span>&gt;</span>
<span class="hljs-tag">&lt;<span class="hljs-title">body</span>&gt;</span>
<span class="hljs-tag">&lt;<span class="hljs-title">form</span> <span class="hljs-attribute">action</span>=<span class="hljs-value">&quot;/add_data&quot;</span> <span class="hljs-attribute">method</span>=<span class="hljs-value">&quot;post&quot;</span>&gt;</span>
    {#&#x8BBE;&#x7F6E;&#x9690;&#x85CF;&#x7684;csrf_token,&#x4F7F;&#x7528;&#x4E86;CSRFProtect&#x4FDD;&#x62A4;app&#x4E4B;&#x540E;,&#x5373;&#x53EF;&#x4F7F;&#x7528;csrf_token()&#x65B9;&#x6CD5;#}
    <span class="hljs-tag">&lt;<span class="hljs-title">input</span> <span class="hljs-attribute">type</span>=<span class="hljs-value">&quot;hidden&quot;</span> <span class="hljs-attribute">name</span>=<span class="hljs-value">&quot;csrf_token&quot;</span> <span class="hljs-attribute">value</span>=<span class="hljs-value">&quot;{{ csrf_token() }}&quot;</span>&gt;</span>

    <span class="hljs-tag">&lt;<span class="hljs-title">label</span>&gt;</span>&#x7528;&#x6237;&#x540D;:<span class="hljs-tag">&lt;/<span class="hljs-title">label</span>&gt;</span> <span class="hljs-tag">&lt;<span class="hljs-title">input</span> <span class="hljs-attribute">type</span>=<span class="hljs-value">&quot;text&quot;</span> <span class="hljs-attribute">name</span>=<span class="hljs-value">&quot;username&quot;</span>&gt;</span><span class="hljs-tag">&lt;<span class="hljs-title">br</span>&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-title">label</span>&gt;</span>&#x5BC6;&#x7801;:<span class="hljs-tag">&lt;/<span class="hljs-title">label</span>&gt;</span> <span class="hljs-tag">&lt;<span class="hljs-title">input</span> <span class="hljs-attribute">type</span>=<span class="hljs-value">&quot;text&quot;</span> <span class="hljs-attribute">name</span>=<span class="hljs-value">&quot;username&quot;</span>&gt;</span><span class="hljs-tag">&lt;<span class="hljs-title">br</span>&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-title">input</span> <span class="hljs-attribute">type</span>=<span class="hljs-value">&quot;submit&quot;</span> <span class="hljs-attribute">value</span>=<span class="hljs-value">&quot;&#x767B;&#x9646;&quot;</span>&gt;</span>
<span class="hljs-tag">&lt;/<span class="hljs-title">form</span>&gt;</span>
<span class="hljs-tag">&lt;/<span class="hljs-title">body</span>&gt;</span>
<span class="hljs-tag">&lt;/<span class="hljs-title">html</span>&gt;</span>
</code></pre>

                    
                    </section>
                
                
                </div>
            </div>
        </div>

        
        
    </div>
</div>

        

        <!-- body:end -->
    </body>
    <!-- End of book Flask框架 -->
</html>
